---
# Default values for the hardening configuration.

# SSH daemon
# Listening port. ufw_allowed_ports lists 22/tcp separately, so both values
# have to be changed together or the firewall will end up blocking SSH.
ssh_port: 22
# NOTE(review): OpenSSH 7.4 and later only speak protocol 2 and treat the
# "Protocol" directive as deprecated; confirm the template still needs this.
ssh_protocol: 2
# Kept as quoted strings on purpose: an unquoted yes/no is loaded as a
# boolean by YAML 1.1 parsers rather than as the literal word.
ssh_permit_root_login: 'no'
ssh_password_authentication: 'no'
ssh_pub_key_authentication: 'yes'
# Presumably rendered as AllowUsers (verify against the template). With
# password logins disabled, every account listed here needs an authorized
# key installed before these settings are applied, or access is lost.
ssh_allow_users:
  - ansible
# Presumably MaxAuthTries: authentication attempts allowed per connection.
ssh_max_auth_tries: 3
# Presumably ClientAliveInterval / ClientAliveCountMax: with 300 and 2, an
# unresponsive client would be dropped after roughly 600 seconds.
ssh_client_alive_interval: 300
ssh_client_alive_count_max: 2
# Firewall (ufw)
# Default policies: inbound traffic is denied unless a port is listed below,
# outbound traffic is allowed.
ufw_default_incoming: 'deny'
ufw_default_outgoing: 'allow'
# Inbound ports to open. 22/tcp duplicates ssh_port and has to be kept in
# sync with it.
# NOTE(review): 25565 and 25575 are the default Minecraft game and RCON
# ports. If 25575 is RCON here, it is a plaintext, password-only admin
# channel; confirm it really needs to be reachable from any source rather
# than limited to trusted admin addresses or kept on localhost.
ufw_allowed_ports:
  - '22/tcp'
  - '25565/tcp'
  - '25575/tcp'
# Fail2ban
fail2ban_enabled: true
# Presumably passed through to fail2ban's maxretry / findtime / bantime, where
# bare integers are read as seconds (verify against the jail template):
# 3 failures within 600 s would trigger a 3600 s ban.
# NOTE(review): ssh_max_auth_tries is also 3, so one SSH connection can use up
# the whole retry budget; confirm that is the intended threshold.
fail2ban_maxretry: 3
fail2ban_findtime: 600
fail2ban_bantime: 3600